From b0663967dccf02f4a01e7f75b6e9aff92403a52c Mon Sep 17 00:00:00 2001
From: xgaia <xgaia@gmx.com>
Date: Tue, 14 Dec 2021 19:53:43 +0100
Subject: [PATCH 1/2] fix: get username from url params

---
 www/account_manager/new_user.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/www/account_manager/new_user.php b/www/account_manager/new_user.php
index bbaa1ac..e6b1eed 100644
--- a/www/account_manager/new_user.php
+++ b/www/account_manager/new_user.php
@@ -62,7 +62,7 @@
   $sn=filter_var($_GET['last_name'], FILTER_SANITIZE_STRING);
   $new_account_r['sn'] = $sn;
 
-  $uid = generate_username($givenname,$sn);
+  $uid = filter_var($_GET['username'], FILTER_SANITIZE_STRING);
   $new_account_r['uid'] = $uid;
 
   if ($ENFORCE_SAFE_SYSTEM_NAMES == TRUE) {

From 17fbe1f663b2fccf153533a01e5ade27f7968b4a Mon Sep 17 00:00:00 2001
From: xgaia <xgaia@gmx.com>
Date: Tue, 14 Dec 2021 19:57:55 +0100
Subject: [PATCH 2/2] fix: repalce deprecated FILTER_SANITIZE_STRING

---
 www/account_manager/new_user.php | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/www/account_manager/new_user.php b/www/account_manager/new_user.php
index e6b1eed..e380e09 100644
--- a/www/account_manager/new_user.php
+++ b/www/account_manager/new_user.php
@@ -44,7 +44,7 @@
 
 foreach ($attribute_map as $attribute => $attr_r) {
  if (isset($_POST[$attribute])) {
-  $$attribute = filter_var($_POST[$attribute], FILTER_SANITIZE_STRING);
+  $$attribute = filter_var($_POST[$attribute], FILTER_SANITIZE_FULL_SPECIAL_CHARS);
  }
  elseif (isset($attr_r['default'])) {
   $$attribute = $attr_r['default'];
@@ -56,13 +56,13 @@
 
 if (isset($_GET['account_request'])) {
 
-  $givenname=filter_var($_GET['first_name'], FILTER_SANITIZE_STRING);
+  $givenname=filter_var($_GET['first_name'], FILTER_SANITIZE_FULL_SPECIAL_CHARS);
   $new_account_r['givenname'] = $givenname;
 
-  $sn=filter_var($_GET['last_name'], FILTER_SANITIZE_STRING);
+  $sn=filter_var($_GET['last_name'], FILTER_SANITIZE_FULL_SPECIAL_CHARS);
   $new_account_r['sn'] = $sn;
 
-  $uid = filter_var($_GET['username'], FILTER_SANITIZE_STRING);
+  $uid = filter_var($_GET['username'], FILTER_SANITIZE_FULL_SPECIAL_CHARS);
   $new_account_r['uid'] = $uid;
 
   if ($ENFORCE_SAFE_SYSTEM_NAMES == TRUE) {